[openstack-qa] Is tempest must be able to operate without identity admin privileges?

Frittoli, Andrea (Cloud Services) frittoli at hp.com
Thu Jun 13 09:56:29 UTC 2013 

I would still maintain both static and dynamic accounts.
Running the tests using the same account over and over again provides is a
valid scenario, which may discover issues not visible in a fresh account.

With identity V3 if I'm not mistaken a domain admin will be able to create
users and tenants without being an overall identity admin.
This should help in the refstack case.  

andrea

-----Original Message-----
From: Attila Fazekas [mailto:afazekas at redhat.com] 
Sent: 13 June 2013 10:35
To: All Things QA.
Subject: Re: [openstack-qa] Is tempest must be able to operate without
identity admin privileges?

Ohh, I forget the password.

myuser-alt-0,tenant,domain,passwda0,myuser-0,tenant,domain,passwd0
myuser-alt-1,tenant,domain,passwda1,myuser-1,tenant,domain,passwd1
myuser-alt-2,tenant,domain,passwda2,myuser-2,tenant,domain,passwd2
myuser-alt-3,tenant,domain,passwda3,myuser-3,tenant,domain,passwd3

----- Original Message -----
From: "Attila Fazekas" <afazekas at redhat.com>
To: mordred at inaugust.com, "Jay Pipes" <jaypipes at gmail.com>
Cc: "All Things QA." <openstack-qa at lists.openstack.org>
Sent: Thursday, June 13, 2013 10:28:44 AM
Subject: Re: [openstack-qa] Is tempest must be able to operate without
identity admin privileges?

If we need really stricter test case isolation for parallel refstack usage,
providing more than 2 user can be an another option.

Is it an option ?

user pair / worker process.

One of the simplest user "pool" would be pair of users in a csv.

myuser-alt-0,tenant,domain,myuser-1,tenant,domain
myuser-alt-1,tenant,domain,myuser-1,tenant,domain
myuser-alt-2,tenant,domain,myuser-2,tenant,domain
myuser-alt-3,tenant,domain,myuser-3,tenant,domain

Many more effective solution possible.

----- Original Message -----
> From: "Monty Taylor" <mordred at inaugust.com>
> To: openstack-qa at lists.openstack.org
> Sent: Saturday, June 8, 2013 3:10:57 PM
> Subject: Re: [openstack-qa] Is tempest must be able to operate without
identity admin privileges?
> 
> 
> 
> On 06/08/2013 09:03 AM, Attila Fazekas wrote:
> > Do we want parallel execution in this cases ?
> > - obviously yes
> > - nice to have
> > - who cares
> 
> obviously yes/must have
> 
> > Can we expect larger quota than the default 10 in this case ?
> > - never
> > - usually
> > - always
> 
> always. I believe that if we have specific quota needs from a cloud 
> against which refstack runs, it's not unreasonable. It would be good 
> to have an understanding at some point of needed quota
> 
> > ----- Original Message -----
> >> From: "Sean Dague" <sean at dague.net>
> >> To: "All Things QA." <openstack-qa at lists.openstack.org>
> >> Cc: "Attila Fazekas" <afazekas at redhat.com>
> >> Sent: Saturday, June 8, 2013 1:49:40 PM
> >> Subject: Re: [openstack-qa] Is tempest must be able to operate 
> >> without identity admin privileges?
> >>
> >> On 06/08/2013 03:06 AM, Attila Fazekas wrote:
> >>> Hi All,
> >>>
> >>> In modeling viewpoint keeping the ability to run tempest without 
> >>> identity admin credentials is not easy.
> >>>
> >>> The demo and alt_demo user is still in the config to maintain the 
> >>> ability, to run tempest against a cloud where you do not know the 
> >>> identity admin credentials.
> >>>
> >>> I would like to know, is it real use case for anyone ?
> >>>
> >>> Without these users you lose the ability to run tempest against 
> >>> any cloud where you do not know the admin credentials.
> >>>
> >>> The benefits of removing these can give you:
> >>>   - simpler model
> >>>   - better role based test suite
> >>
> >> Yes, it is a real use case, we can't remove that.
> >>
> >> 	-Sean
> >>
> >> --
> >> Sean Dague
> >> http://dague.net
> >>
> > 
> > _______________________________________________
> > openstack-qa mailing list
> > openstack-qa at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-qa
> > 
> 
> _______________________________________________
> openstack-qa mailing list
> openstack-qa at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-qa
> 

_______________________________________________
openstack-qa mailing list
openstack-qa at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-qa

_______________________________________________
openstack-qa mailing list
openstack-qa at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-qa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6202 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-qa/attachments/20130613/1d65d045/attachment-0001.bin>

More information about the openstack-qa mailing list